OpenAI API (api.openai.com) resolving to private 172.x.x.x addresses via Cloudflare

Website, Application, Performance DNS & Network
1

What is the name of the domain?

api.openai.com

What is the error number?

n/a

What is the error message?

n/a - DNS resolution issue“

What is the issue you’re encountering

Since yesterday, api[dot]openai[dot]com resolves to 172.x.x.x addresses globally, regardless of the DNS provider (1[dot]1[dot]1[dot]1, 8[dot]8[dot]8[dot]8, 9[dot]9[dot]9[dot]9). Result: OpenAI services are inaccessible in affected regions. Test results: nslookup api[dot]openai[dot]com 1[dot]1[dot]1[dot]1 → Returns 172.66.0.243 traceroute api[dot]openai[dot]com → Traffic gets stuck in Cloudflare’s network OpenAI’s status page reports no issues, but this DNS resolution seems incorrect.

What steps have you taken to resolve the issue?

Tested with different DNS providers (1[dot]1[dot]1[dot]1, 8[dot]8[dot]8[dot]8, 9[dot]9[dot]9[dot]9) – same result everywhere.
Used VPNs in multiple countries (EU, US) – issue persists globally.
Checked OpenAI’s status page – no incidents reported.
Looked for OpenAI support options – no direct way to report this problem.

What feature, service or problem is this related to?

DNS records

What are the steps to reproduce the issue?

Run nslookup api[dot]openai[dot]com 1[dot]1[dot]1[dot]1 → It resolves to 172.66.0.243
Run traceroute api[dot]openai[dot]com → Traffic gets stuck in Cloudflare
OpenAI services are completely unreachable in affected locations

Screenshot of the error

oai_routing.png
oai_routing.png702×236 5.28 KB

2

172.66.0.243 is a Cloudflare IP address, it’s not in the private IP range (which is 172.16.0.0 to 172.31.255.255). Your screenshot shows the traceroute reaches the destination so that’s ok.

I don’t use the API myself, but I can reach it ok. Which locations do you think are affected?

curl -Ivv -4 https://api.openai.com
* Host api.openai.com:443 was resolved.
* IPv6: (none)
* IPv4: 172.66.0.243, 162.159.140.245
*   Trying 172.66.0.243:443...
* Connected to api.openai.com (172.66.0.243) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=api.openai.com
*  start date: Jan 22 23:17:53 2025 GMT
*  expire date: Apr 23 00:17:50 2025 GMT
*  subjectAltName: host "api.openai.com" matched cert's "api.openai.com"
*  issuer: C=US; O=Google Trust Services; CN=WE1
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://api.openai.com/
* [HTTP/2] [1] [:method: HEAD]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: api.openai.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
> HEAD / HTTP/2
> Host: api.openai.com
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/2 421
HTTP/2 421
< date: Mon, 03 Mar 2025 21:32:34 GMT
date: Mon, 03 Mar 2025 21:32:34 GMT
< content-type: application/json
content-type: application/json
< content-length: 124
content-length: 124
< set-cookie: __cf_bm=T57g0NqeEmjYi2Ntf0MtJo9UyUpbtqPdg1xfjPuea4w-1741037554-1.0.1.1-IalSlENvS2q2xnhW2Dcdn4ydlMYOZvXXYcwPUtboVRwouIz9LjC0L5PyZOLVidPrX_mV9TOxHca6sHwAdqQ6GtG0g5objhRItr4lk3F_jp0; path=/; expires=Mon, 03-Mar-25 22:02:34 GMT; domain=.api.openai.com; HttpOnly; Secure; SameSite=None
set-cookie: __cf_bm=T57g0NqeEmjYi2Ntf0MtJo9UyUpbtqPdg1xfjPuea4w-1741037554-1.0.1.1-IalSlENvS2q2xnhW2Dcdn4ydlMYOZvXXYcwPUtboVRwouIz9LjC0L5PyZOLVidPrX_mV9TOxHca6sHwAdqQ6GtG0g5objhRItr4lk3F_jp0; path=/; expires=Mon, 03-Mar-25 22:02:34 GMT; domain=.api.openai.com; HttpOnly; Secure; SameSite=None
< strict-transport-security: max-age=31536000; includeSubDomains; preload
strict-transport-security: max-age=31536000; includeSubDomains; preload
< x-content-type-options: nosniff
x-content-type-options: nosniff
< server: cloudflare
server: cloudflare
< cf-ray: 91ac3f4bee82ccc9-LHR
cf-ray: 91ac3f4bee82ccc9-LHR
< alt-svc: h3=":443"; ma=86400
alt-svc: h3=":443"; ma=86400
<

* Connection #0 to host api.openai.com left intact
1 Like
3

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.